Lucene search
K

42 matches found

UbuntuCve
UbuntuCve
added 2006/03/19 11:6 a.m.38 views

CVE-2006-1279

CGI::Session 4.03-1 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by 1 Driver::File, 2 Driver::dbfile, and possibly 3 Driver::sqlite...

5CVSS6AI score0.01275EPSS
Exploits0References1
OSV
OSV
added 2006/03/19 11:6 a.m.6 views

CVE-2006-1279

CGI::Session 4.03-1 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by 1 Driver::File, 2 Driver::dbfile, and possibly 3 Driver::sqlite...

6.7AI score
Exploits0References6
NVD
NVD
added 2006/03/19 11:6 a.m.22 views

CVE-2006-1279

CGI::Session 4.03-1 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by 1 Driver::File, 2 Driver::dbfile, and possibly 3 Driver::sqlite...

5CVSS6.5AI score0.01275EPSS
Exploits0References6
OSV
OSV
added 2006/03/19 11:6 a.m.6 views

CVE-2006-1280

CGI::Session 4.03-1 does not set proper permissions on temporary files created in 1 Driver::File and 2 Driver::dbfile, which allows local users to obtain privileged information, such as session keys, by viewing the files...

6.4AI score
Exploits0References8
Cvelist
Cvelist
added 2006/03/19 11:0 a.m.22 views

CVE-2006-1279

CGI::Session 4.03-1 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by 1 Driver::File, 2 Driver::dbfile, and possibly 3 Driver::sqlite...

6.4AI score0.01275EPSS
Exploits0References6
CVE
CVE
added 2006/03/19 11:0 a.m.42 views

CVE-2006-1279

CVE-2006-1279 affects CGI::Session 4.03-1. The vulnerability allows local users to overwrite arbitrary files by exploiting a symlink attack on temporary files used by the drivers File, db_file, and possibly sqlite. The issue is a local-privilege/file-write vulnerability rather than a remote-execu...

5CVSS6.5AI score0.01275EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2006/03/19 11:0 a.m.17 views

CVE-2006-1280

CGI::Session 4.03-1 does not set proper permissions on temporary files created in 1 Driver::File and 2 Driver::dbfile, which allows local users to obtain privileged information, such as session keys, by viewing the files...

6.1AI score0.01619EPSS
Exploits1References7
Debian CVE
Debian CVE
added 2006/03/19 11:0 a.m.17 views

CVE-2006-1279

CGI::Session 4.03-1 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by 1 Driver::File, 2 Driver::dbfile, and possibly 3 Driver::sqlite...

5CVSS6.3AI score0.01275EPSS
Exploits0
Debian CVE
Debian CVE
added 2006/03/19 11:0 a.m.17 views

CVE-2006-1280

CGI::Session 4.03-1 does not set proper permissions on temporary files created in 1 Driver::File and 2 Driver::dbfile, which allows local users to obtain privileged information, such as session keys, by viewing the files...

7.5CVSS6AI score0.01619EPSS
Exploits1
securityvulns
securityvulns
added 2006/03/14 12:0 a.m.36 views

[SA19211] CGI::Session Insecure Default Session File Permissions

TITLE: CGI::Session Insecure Default Session File Permissions SECUNIA ADVISORY ID: SA19211 VERIFY ADVISORY: http://secunia.com/advisories/19211/ CRITICAL: Less critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: CGI::Session 4.x http://secunia.com/product/8688/...

0.6AI score
Exploits0
UbuntuCve
UbuntuCve
added 2004/10/20 4:0 a.m.15 views

CVE-2004-0755

The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions...

2.1CVSS7.1AI score0.00364EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2004/10/02 12:0 a.m.20 views

RHEL 2.1 / 3 : ruby (RHSA-2004:441)

An updated ruby package that fixes insecure file permissions for CGI session files is now available. Ruby is an interpreted scripting language for object-oriented programming. Andres Salomon reported an insecure file permissions flaw in the CGI session management of Ruby. FileStore created world...

2.1CVSS7AI score0.00364EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2004/09/30 2:25 p.m.5 views

security flaw

The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions...

2.1CVSS7.1AI score0.00364EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2004/09/30 2:25 p.m.21 views

Low: Red Hat Security Advisory: ruby security update

An updated ruby package that fixes insecure file permissions for CGI session files is now available. Ruby is an interpreted scripting language for object-oriented programming. Andres Salomon reported an insecure file permissions flaw in the CGI session management of Ruby. FileStore created world...

2.1CVSS7.1AI score0.00364EPSS
Exploits0References2
securityvulns
securityvulns
added 2004/09/06 12:0 a.m.33 views

Ruby symbolic links problem

CGI::Session unsecurely creates temporary file...

1.2AI score
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2004/09/04 12:0 a.m.18 views

GLSA-200409-08 : Ruby: CGI::Session creates files insecurely

The remote host is affected by the vulnerability described in GLSA-200409-08 Ruby: CGI::Session creates files insecurely The CGI::Session::FileStore implementation and presumably CGI::Session::PStore, which allow data associated with a particular Session instance to be written to a file, writes t...

2.1CVSS7.2AI score0.00364EPSS
Exploits0References2
Gentoo Linux
Gentoo Linux
added 2004/09/03 12:0 a.m.18 views

Ruby: CGI::Session creates files insecurely

Background Ruby is an Object Oriented, interpreted scripting language used for many system scripting tasks. It can also be used for CGI web applications. Description The CGI::Session::FileStore implementation and presumably CGI::Session::PStore, which allow data associated with a particular Sessi...

2.1CVSS5.7AI score0.00364EPSS
Exploits0
CVE
CVE
added 2004/08/19 4:0 a.m.69 views

CVE-2004-0755

The CVE concerns Ruby CGI::Session FileStore creating session files with insecure permissions, enabling local users to read session data and hijack sessions. Technical details across connected docs confirm: FileStore writes session files with improper permissions, enabling a local information lea...

2.1CVSS5.8AI score0.00364EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2004/08/19 4:0 a.m.25 views

CVE-2004-0755

The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions...

5.8AI score0.00364EPSS
Exploits0References6
Debian
Debian
added 2004/08/16 4:12 a.m.21 views

[SECURITY] [DSA 537-1] New Ruby packages fix insecure CGI session management

-------------------------------------------------------------------------- Debian Security Advisory DSA 537-1 [email protected] http://www.debian.org/security/ Martin Schulze August 16th, 2004 http://www.debian.org/security/faq -...

2.1CVSS0.1AI score0.00364EPSS
Exploits0
Rows per page
Query Builder